HF Best Ideas
AnalysesQuarterly Letters

Privacy Policy

Last updated: 2025-09-30

0. Data Controller

The data controller for the purposes of the EU/UK General Data Protection Regulation (GDPR/UK GDPR) is HF Best Ideas. If you have questions or requests regarding this Policy or your personal data, please contact us using the information provided on the Site.

1. Overview

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use HF Best Ideas (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this Policy.

2. Information We Collect

  • Account Information: email address, password (hashed), and profile details you provide.
  • Usage Data: logs of interactions with the Service, device information, IP address, timestamps.
  • Content You Provide: queries, search terms, and other inputs you submit.
  • Cookies: used for essential functionality, authentication, and performance. See our Cookie Policy.

3. Legal Bases for Processing (GDPR)

  • Performance of a contract (Art. 6(1)(b) GDPR): to provide and operate the Service you request.
  • Legitimate interests (Art. 6(1)(f) GDPR): to secure and improve the Service, prevent abuse, and understand usage.
  • Consent (Art. 6(1)(a) GDPR): where required for certain cookies/communications. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable laws and requests from authorities.

4. How We Use Information

  • Provide, maintain, and improve the Service.
  • Authenticate users and secure access.
  • Send transactional communications (e.g., confirmations, password resets).
  • Analyze usage to enhance features and performance.
  • Comply with legal obligations and enforce our Terms.

5. Sharing of Information

We do not sell personal data. We may share information with trusted service providers (e.g., hosting, analytics, email delivery) who process data on our behalf under appropriate safeguards. We may also share information when required by law or to protect rights and safety.

6. International Transfers

Your information may be processed outside your country, including outside the EU/EEA/UK. Where required, we implement appropriate safeguards (such as the European Commission’s Standard Contractual Clauses and UK addendum) to protect personal data transferred internationally. You may contact us for more information about these safeguards.

7. Data Retention

We retain information only for as long as necessary to fulfill the purposes described in this Policy or as required by law. Retention periods vary depending on account status, legal requirements, and operational needs.

8. Your Rights (GDPR/UK GDPR)

Subject to conditions and exceptions under applicable law, you may have the following rights:

  • Access your personal data (Art. 15).
  • Rectification of inaccurate data (Art. 16).
  • Erasure (“right to be forgotten”, Art. 17).
  • Restriction of processing (Art. 18).
  • Data portability (Art. 20).
  • Object to processing, including for legitimate interests (Art. 21).
  • Withdraw consent at any time (Art. 7(3)).
  • Not be subject to a decision based solely on automated processing, including profiling, producing legal effects (Art. 22) — we do not engage in such decision-making.

To exercise your rights, contact us using the information provided on the Site. We may need to verify your identity before fulfilling requests.

9. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children’s Privacy

The Service is not directed to children. We do not knowingly collect personal information from individuals under the age of 16 (or as defined by applicable law).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page with an updated “Last updated” date. Your continued use of the Service after changes become effective constitutes acceptance of the revised Policy.

12. Supervisory Authority & Contact

If you are located in the EU/EEA or UK, you have the right to lodge a complaint with your local data protection authority. Without limiting this right, we encourage you to contact us first so we can address your concerns. For questions about this Policy or our practices, please contact us using the information provided on the Site.